Exam Sim Questions Flashcards

Question 1

Q

You want to ensure that the sender of the message or network transmission is authenticated, and not an imposter or a phishing attempt. What method provides the highest level of origin authentication?

Answer

A

AES-CCMP (Advanced Encryption Standard)(Counter Mode with Cypher Block Chaining Media Access Control Protocol)

Question 2

Q

You use a computer on a TCP/IP network to transfer data through well-known TCP port 80. Which protocol is most likely being used to transfer data?

Answer

A

HTTP (Hypertext Transfer Protocol)

Question 3

Q

Computer A needs the IP address of Computer B, but Computer A only knows Computer B’s FQDN. Where is this information found?

Answer

A

Forward Zone [FQDN = Fully Qualified Domain Name]

Question 4

Q

Which attack directs user traffic to a malicious web site without any outside communication from an attacker?

Answer

A

DNS poisoning

Question 5

Q

You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which firewall architecture have you discovered?

Answer

A

dual-homed firewall

Question 6

Q

You are the network administrator for a healthcare organisation. Recently several federal and state government laws hav been enacted which will affect network operations. Which change management documentation should record this information?

Answer

A

Regulations

Question 7

Q

Your company needs to be able to provide employees access to a suite of application. However, you do not want the employees to install a local copy of the applications. What method should you use to deploy the suite of applications?

Answer

A

SaaS (Software as a Service)

Question 8

Q

You are concerned about malware and workstation security, and you do not want users to use USB flash drives to export or import files. You also have no need for Telnet or FTP services. What should you do to increase security on your systems?

Answer

A

Disable device ports
Disable unnecessary services

Question 9

Q

What should a business with a main office downtown use to communicate with various offices in nearby suburban locations?

Answer

A

MAN (Metropolitan Area Network)

Question 10

Q

You just installed a replacement switch that was moved from one part of the network to a new location. After all the patch cables are reconnected, some users cannot communicate via email. What is the issue?

Answer

A

VLAN mismatch

Question 11

Q

You are troubleshooting a workstation that is not communicating with the network. You try a different port within the wiring closet hub, and this seems to fix the problem. What should you do next?

Answer

A

Connect to the network and try to transfer a file

Question 12

Q

You have been hired as a consultant for the medium-sized business. As part of your duties, you need to make recommendations on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record the behaviour of network components. You will then use the statistical data that is gathered to make your recommendations. Which standard should you deploy?

Answer

A

SNMP (Simple Network Management Protocol)

Question 13

Q

For a new office space, you have been asked to choose a best cost solution for providing wireless network access for up to 60 employees. Your boss has informed you that there will be a mix of 802.11n and 802.11ac devices in use. The maximum distance from WAP to any user is 150ft (46M). Which kind of wireless access point should you buy?

Answer

A

802.1n the maximum indoor range is 230ft (70m) where as 802.11ac is only 115ft (35M)

Question 14

Q

Prior to deploying a new wireless access point at a retail store that is located in a strip mall, you decide to perform a site survey. What is the purpose of doing this?

Answer

A

to calculate the number of access points required for the coverage area
to find the frequency and power settings to be used on access points

Question 15

Q

You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which technology should you deploy?

Answer

A

EAP-TLS (Extensible Authentication Protocol with Transport Layer Security)

Question 16

Q

You install a second NIC in your Linux computer. Then you log on to the computer as root. You want to configure the new NIC with the IP address 192.168.0.1 and the subnet mask 255.255.255.0 . What command should you issue at a command prompt to configure the NIC?

Answer

A

ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up

Question 17

Q

Which statement is true of a network based intrusion detection system? (NIDS).
a) an NIDS generate a finite number of alarms
b) An NIDS does not analyse realtime information
c) a NIDS cannot detect an intruder who is logged on to a host computer
d) an NIDS is active while gathering data over the network

Answer

A

c) a NIDS cannot detect an intruder who is logged on to a host computer

Question 18

Q

You have been hired as a network administrator for a large corporation. This network includes a large number of switches that must be identically configured. In the past this information has been configured manually. You want to automatically propagate the VLAN information to all switches on the LAN. What should you use?

Answer

A

802.1q VTP
To automatically propagate VLAN information to all switches on the LAN you should use VLAN Trunking Protocol (VTP) which is also referred to as 802.1q.

Question 19

Q

You have decided to implement ISAKMP. What is provided by this technology?

Answer

A

A protocol that works with IPSec to establish a secure session.
Internet Security Association and Key Management Protocol (ISAKMP)

Question 20

Q

What attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?

Answer

A

distributed denial-of-service (DDOS) attack

Question 21

Q

Your company is building a new facility, and you are tasked with designing the new network at that site. You will need multiple servers, switches, patch panels, UPS equipment and other equipment. You need to plan and document the placement of the equipment in the site’s network data centre. Which tool should you use?

Answer

A

Rack Diagrams - rack diagrams depict the placement of network equipment such as: routers, switches, hubs, patch panels, servers and more in a standard 19” wide cabinet called a rack

Question 22

Q

You have implemented an Ethernet CSMA/CD network for your company. Users complain of delays. When you research the issues, you discover that the network has low throughput. What is the most likely cause of delay on this network?

Answer

A

Collisions - an excessively high number of collisions occurring for a sustained length of time can cause delays and slow throughput. CSMA/CD will negotiate standoff timers to allow multiple devices to communicate on congested network segments

Question 23

Q

Your company is deploying a VoIP system on its premises at three locations. The internal VoIP system must communicate with the existing PSTN network. Which device will be necessary to permit network-based calls to access the PSTN, and for PSTN-based calls to access the network?

Answer

A

VoIP-PSTN gateway -These devices establish the routing of calls to the existing PSTN network

Question 24

Q

You administer your company’s network, which is connected to the internet. A firewall is configured between the company network and the internet. You want to prevent users on the internet from using HTTP to connect to computers on the company network. Which well-known TCP port should you block to prevent internet users from entering the company’s network on that port?

Question 25

Q

Workstation A4 and A5 were recently added to the network. Since the clients have been added, the network has been running very slowly. Which two conditions could be causing the problem?

Answer

A

A connector is loose
The bus network might be missing a terminator

Question 26

Q

You are explaining the function of a multi-layer switch to several junior administrators. On which data can multi-layer switches make routing decisions?

Answer

A

Port number
IP address
MAC address
Protocol
A multi-layer switch operates at Layers 2, 3, 4 of OSI model

Question 27

Q

You have reconfigured your network to change the cable type used on one of your subnets from Cat5 to Cat6. Which change configuration management documentation should you revise?

Answer

A

-Network Baseline
- Physical Network Diagram

Question 28

Q

You have been handed a document that details the steps to take to update the network drivers. What type of change management document do you have?

Answer

A

Procedures

Question 29

Q

Which DSL technology provides the highest data rate?
a) SDSL
b) HDSL
c) ADSL
d) VDSL

Answer

A

Very high data rate Digital Subscriber Line (VDSL) provides the highest data rate at 51 to 55 megabits per second over cable lengths of up to 1000ft or 300 metres

Question 30

Q

An employee shows you a web site that publishes the SSIDs and passwords for private wireless networks in your area. The information on your company’s wireless network is included. Of which type of attack is this an example?

Answer

A

War Chalking. Originally occurred when hackers wrote SSID and security information on the side of buildings. This attack has steadily evolved to the point where hackers are now publishing this information on websites

Question 31

Q

You have been hired as the network administrator. The company’s network consists of several subnetworks located in various locations across the southeast United States. You want to deploy switches across the different locations so that you can implement virtual local area networks (VLANs). What is the primary benefit of this implementation?

Answer

A

Users can be grouped by their work functions, by shared applications or protocols, or by department, regardless of their geographical location

Question 32

Q

A user is complaining about wireless connectivity. Their cubicle is on a concrete wall, and the wireless access point in mounted on the other side of the wall. What describes what is happening to the wireless signal that only has to travel a few inches?

Answer

A

Absorption - occurs when an object does not reflect or refract a wireless signal, but rather absorbs a portion of it. Different materials have different absorption rates, concrete high, drywall low

Question 33

Q

Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%. What is most likely the issue?

Answer

A

Unresponsive Service

Question 34

Q

Which wireless topology only requires one access point to be physically connected to the wired network, while still offering maximum flexibility and redundancy?

Answer

A

Mesh - A mesh topology in wireless networks only requires one access point to be physically connected to the wired network where as in a traditional wireless network each access point must be physically connected to the wired network

Question 35

Q

You are setting up a 10-Mbps SOHO network at a residence. What is the lowest category or level of UTP cable that you should use as transmission medium for small LAN communication in the 10-Mbps range?

Answer

A

Category 3 - Although you could use Category 3 or Category 5 cable for the LAN, Category 3 is the lowest category cable that you could use for the LAN.

Question 36

Q

Your company has recently leased the office next door to the one currently being used. Both offices will be used. The current office has a Cat 6 network installed. The new office has a fibre network installed. You need to connect the networks of the two offices. Which device should you use?

Answer

A

Media Converter - Media converters work on the Physical layer of the OSI model

Question 37

Q

You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals:
- The VPN gateway should require the use of Internet Protocol Security (IPSec)
- All remote users must use IPSec to connect to the VPN gateway
- No internal hosts should use IPSec
Which IPSec mode should you use?

Answer

A

host-to-gateway - in this configuration, the VPN gateway requires the use of IPSec for all remote clients

Question 38

Q

You have replaced all of the routers on your network with switches. You then decide to turn off CSMA/CD. What is the result of your actions?

Answer

A

Network device will now operate in full-duplex mode

Question 39

Q

You are the network administrator for an organisation whose network uses the Open Shortest Path First (OSPF) routing protocol. Which metric does this protocol use for optimal path calculation?

Answer

A

Cost - OSPF is a link-state routing protocol which uses cost as a metric for optimal path calculation. It is an open standard protocol based on Dijkstra’s Shortest Path First (SPF) algorithm.

Question 40

Q

You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature should you use?

Answer

A

Port Mirroring - Copies traffic from a single port to a different mirror port, but prevents bidirectional traffic on the port. It allows you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports from the same switch. Remote port mirroring uses ports from multiple switches.

Question 41

Q

Which mitigation technique reduces the attack profile of a device or network?

Answer

A

Role Separation - involves dividing server duties amongst two or more servers to reduce an attack profile.

Question 42

Q

An employee has just relocated to the New York office, after working in Paris for the past five years. Both offices use DHCP to issue IP addresses. She brought her company laptop with her. The laptop was issued in Paris. As she is settling into the new office, she is not able to connect to the network. What is the most likely cause of her problem?

Answer

A

Duplicate MAC addresses - can be caused by MAC address spoofing or by manufacturers reusing MAC addresses in their devices. Manufacturers will often ship NICs with duplicate MAC addresses to different geographic areas

Question 43

Q

The network administrator has changed the IP address of several servers on the network. Now a user named Jim is unable to connect to file shares on those servers using the computer name. You need to run the appropriate command(s) on Jim’s computer to resolve the problem

Answer

A

ipconfig /flushdns - All you need to do is flush the contents of the clients computers DNS cache

Question 44

Q

Which action would you perform to look for candidates for exploitation across an information system?

Answer

A

Vulnerability Scanning - looks for areas that are candidates for exploitation (weak spots) in networks, operating systems, applications and equipment. Vulnerability scans can also identify the effectiveness of in-place systems designed to prevent those exploits

Question 45

Q

A customer has asked you to deploy a solution based on port numbers that allows multiple computers to share a single IP address. Which addressing technology should you deploy?

Answer

A

PAT - Port Address Translation provides port address translation. When using PAT you are able to share a single public IP address among multiple computers on the same network

Question 46

Q

Which component of a computer use policy should state that the data stored on a company computer is not guaranteed to remain confidential?

Answer

A

No exception of privacy policy

Question 47

Q

A company procedure calls for using IPv4 and IPv6 loopback addresses as part of the troubleshooting process. What is the purpose of this tool?

Answer

A

To provide an IP address for testing the local IP stack without a physical network connection

Question 48

Q

A user reports that she cannot print from her computer. You also notice that they are unable to reach a supplier’s website. The operating system is Windows 8.1. Which command should you start with to help with your diagnosis?

Answer

A

ping - allows you to test the connection between a local computer and a node on the network.

Question 49

Q

A suburban office location for your company is located next door to a regional airport, where a US government regional weather radar system is also housed. You are tasked with setting up a wireless 802.11ac network in that location. You must select a range of 80MHz channels, some devices on that network have 802.11n wireless interfaces. Which channels should you choose?

Answer

A

Channels 36-48, Channels 149-161 - all 802.11n and 802.11ac client devices support use on these two bands. Channels 52-64 reserved for weather radar systems. Channels 100-144 also government weather radar systems and do not work with older 802.11n client devices. Channel 165 is only 20MHz wide.

Question 50

Q

You need to deploy a fibre distribution panel for datacenter, remote office, or local area network use. Which of the following are NOT important for such uses?
a) Support for SFP+
b) Bulkhead adapters and receptacles
c) Cable Storage
d) Cable Splices
e) Support for GBIC connectors
f) Cable termination

Answer

A

a) Support for SFP+ and e) Support for GBIC connectors

Question 51

Q

Technicians have recently reported to you that the type of lighting in your company’s building can affect the network communication. What type of lighting is in the building?

Answer

A

Fluorescent lighting fixtures - emit high levels of EMI

Question 52

Q

Which connection type allows for connections of up to 44.736Mbps?

Answer

A

T3 - The T-carrier system and E-carrier system offer several different levels of connections:
T1 = 1.544Mbps, 650ft, UTP/STP/Coaxial
T3 = 44.736Mbps, 450 ft, Coaxial
E1 = 2.048Mbps, 650ft, UTP/STP/Coaxial
E3 = 34.368Mbps, 450 ft, Coaxial

Question 53

Q

What is typically used to conceal the nature of a social engineering attack?

Answer

A

Believable language

Question 54

Q

While troubleshooting a network outage on a 10GBase-SW network, a technician finds a 500m fibre cable with a small service loop and suspects it might be the cause of the outage. What is most likely the issue?

Answer

A

Maximum cable length exceeded - On a 10GBase-SW network the maximum cable length is 300m

Question 55

Q

As a network administrator you decide to replace a hub on your network with an active hub. At which OSI layer does the new device function?

Answer

A

Physical - Active hubs or multiport repeaters amplify or regenerate signals to all other ports on the hub

Question 56

Q

Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture?

Answer

A

Soda Acid, Water - Soda acid removed the fuel while water reduced the temperature this combination are used to extinguish class A fires

Question 57

Q

Which type of intrusion detection system (IDS) relies upon a database that contains the identities of possible attacks?

Answer

A

signature-based IDS - watches for intrusions that match a known identity or signature, must be updated to remain effective

Question 58

Q

You have been hired as a contractor to implement a small office home office (SOHO) network for a small business. While gathering the requirements and constraints regarding the network, you decide to implement two subnets on the network. What are the reasons for implementing subnets on an IP network?

Answer

A

to reduce congestion by decreasing network traffic
to increase network security
to expand the network
to reduce CPU use
to isolate network problems

Question 59

Q

You are designing a network for a new facility. The client wishes to provide main connection to several floors from where the ISP service enters the building. On each floor switches will handle the distribution to end devices. What would be the most helpful for maintaining and documenting those main connections?

Answer

A

IDF/MDF documentation - Intermediate Distribution Frame/Main Distribution Frame documentation first describes and details the primary ISP feed into the building, which is handled by the MDF. IDF/MDF Documentation also shows how the MDF splits out and feeds the various IDFs throughout the facility.

Question 60

Q

You are investigation possible unauthorised access to a Windows Server 2008 computer. The first step in your company’s investigation policy states that the current network connections must be documented. Which command should you use?

Answer

A

netstat - displays incoming and outgoing connections, routing tables and network interface statistics.

Question 61

Q

Which of the following can use RFID to identify the location of the object?
a) Key Fobs
b) Biometrics
c) Locks
d) Asset tags

Answer

A

d) Asset tags - also referred to as asset tracking tags can be labels with barcodes or QR codes, or can include radio frequency identification (RFID) chips that provide electronic tracking.

Question 62

Q

Which media-access method does the 802.11 standard specify for wireless networks?

Answer

A

CSMA/CA - Carrier Sense Multiple Access/Collision Avoidance

Question 63

Q

You have installed a new MAU on your Token Ring network because the old one is no longer supported by the product vendor. At what layer of the OSI model does this device operate?

Answer

A

The Physical Layer - A Multistation Access Unit (MAU) is a network connection concentrator used on Token Ring networks. Similar to a hub

Question 64

Q

You need to obtain the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which tool should you use?

Answer

A

netstat - Netstat is a TCP/IP utility that you can use to determine the computer’s inbound and outbound TCP/IP connections. It displays current connections and their listening ports

Answer 64

A

IP proxy services
Packet Filtering
HTTP proxy services

Answer 65

A

The computers are configured to operate in ad hoc mode.

Answer 66

A

TCP port 143 - Internet Message Access Protocol is an internet protocol for e-mail retrieval. IMAP4 works at the application layer of the OSI model

Answer 67

A

Beamwidth

Answer 68

A

The protocol will drop the packets, The application will automatically retransmit the packets when it detects UDP has dropped packets

Answer 69

A

CoS - Class of Service implements packet tagging in a local area network. It tags the different types of traffic, such as video streaming or VoIP. the tag is a value between 0 and 8, with 0 being the highest priority

Answer 70

A

It maps an hostname to an IP address

Answer 71

A

MTBF - Mean Time Between Failures is the average, or mean time between failures on a device or system. It is an expression of reliability

Answer 72

A

Switches, Bridges - use STP to prevent loops in the network. STP uses Spanning Tree Algorithm (STA) to help a switch or a bridge by allowing only one active path at a time.

Answer 73

A

Diameter was created to deal with VoIP and wireless services. It was created to address new technologies that RADIUS was not deigned to handle.

Answer 74

A

Implement sub-interfaces on your routers. Sub-interfaces are used to help manage multiple VLANs within a router and facilitate intercommunication with each other. A sub-interface can be configured virtually on a router or switch so that each device connected to a VLAN appears under the same IP address, causing the IP address to act as a default gateway

Answer 75

A

The new web address starts with https instead of http, users are most likely attempting to access via http:// instead of https://

Answer 76

A

MAC address - Port authentication on your network switches is based on the switch’s MAC address. If the switch is not specifically configured with a MAC address, the MAC address communication is not allowed through the switch port

Answer 77

A

ipconfig /flushdns - all you need to do is flush the contents of the client computer’s DNS cache

Answer 78

A

The ipconfig command with /release to release your computer’s lease on the TCP/IP configuration that it received from the DHCP server. If other computers cannot locate your computer on the network then you might need to renew the DHCP lease for your TCP/IP configuration which would use /renew

Answer 79

A

rsh - Remote Shell protocol is used to log onto remote computers and can be easily exploited by a man-in-the-middle attack (MITM) because it neither provides encryption nor authentication of data

Answer 80

A

How users are allowed to employ company hardware

Answer 81

A

BGP - Border Gateway Protocol is used between autonomous networks. BGP is an algorithm to determine the quickest route between networks

Answer 82

A

RADIUS - Remote Authentication Dial-in Service was originally designed for dial-up networking and validates the credentials of a remote user against a stored database

Answer 83

A

Physical Network Diagram, Network Baseline

Answer 84

A

Quarantine network - A NAC server would hold the policies that would control access to the network. If computers or mobile devices did not have the appropriate security controls configured, they would be placed on the quarantine network to isolate them

Answer 85

A

Asynchronous Transfer Mode (ATM) is NOT associated with data conversion between the ISP and the customer premises equipment. It is a network transmission model used in voice, video and data communications. ATM uses equally sized cells that are all 53 bytes long. The equal length of the data packets supports very high data rates. ATM is deployed in Optical Carrier (OC) backbone network segments

Answer 86

A

Establish what has changed -

Answer 87

A

Tagging and untagging ports, VLANs - VLANs allow you to segment a network and isolate traffic to different segments. VLANs are created by tagging and untagging ports on a switch

Answer 88

A

The IP header options allows more efficient forwarding and less rigid length limits, Some header fields have been dropped or made optional

Answer 89

A

The call terminates on an analog endpoint - If one call terminates on an analog endpoint, occasional audio problems are inevitable

Answer 90

A

To increase network security, To reduce congestion by decreasing network traffic

Answer 91

A

To provide an IP address for testing the local IP stack without a physical network connection

Answer 92

A

PPP - Point-to-Point Protocol should be used to establish a connection between the Point-to-Point Tunneling Protocol (PPTP) server in Las Angeles and the PPTP server in Paris

Answer 93

A

Deploy a test lab - all service packs and other updates will be deployed in the test lab first. If they do not cause any issues you can then deploy the service packs or updates in the live environment

Answer 94

A

Virtual NIC - In common practice it is bridged to the physical NIC on the host system so the virtual machine can communicate with another network segment or the internet

Answer 95

A

Soda acid, Water -Soda acid removes the fuel while water reduces the temperature.

Answer 96

A

stateful firewall - When traffic is encountered a stateful firewall first examines a packet to see if it is the result of a previous connection. Information about previous connections is maintained in the state table

Answer 97

A

Are other users also experiencing the same problem? - you will know if this is a network problem or a problem with the user’s logon process. Can the problem be duplicated? - If the problem cannot be duplicated it could be an intermittent problem or it could be something simple such as the user typing his password incorrectly

Answer 98

A

128Kbps - Each B channel in a Basic Rate Interface (BRI) Integrated Services Digital Network (ISDN) can provide a maximum data transfer rate of 64Kbps. A BRI ISDN line provides two bearer (B) channels which can be combined by the bonding protocol

Answer 99

A

SFP+ (Small Form-factor Pluggable Plus) - As data rates increase to 10Gbps and beyond networks make increasing use of fibre optic cables to convey the signals necessary to encode and transport the huge volumes of information involved.

Answer 100

A

Wireless bridges support higher bandwidth than E1/T1 - E1/T1 lines tend to be more expensive in the long term. Wireless bridges provide connectivity between two geographically separated LANs.

Answer 101

A

twenty-three - Each 802.11a channel utilises a RF bandwidth of 20MHz in Orthogonal Frequency Division Multiplexing (OFDM) modulation. This 20 MHz channel is split into 52 channels with 300KHz smaller sub-carriers, out of which 48 are used for data transmission. The eight non-overlapping channels can be used in a single area or cell to provide the cell a total bandwidth up to 532Mbps

Answer 102

A

Install a distributed network analyser, Install the network analyser on all four subnets

Answer 103

A

IDF/MDF documentation - Intermediate Distribution Frame/Main Distribution Frame documentation first describes and details the primary ISP feed into the building which is handled by the MDF. The documentation also shows how the MDF splits out and feeds the various IDFs throughout the facility. Most often an IDF will provide network service to a floor or department

Answer 104

A

WPA-Enterprise - requires the use of a RADIUS authentication server and is intended for large networks. Also referred to as WPA-802.1x

Answer 105

A

802.11g & 802.11a - Multipath distortion is caused by the reflection of radio frequency (RF) signal on surfaces while traveling between transmitter and the receiver. Also known as inter-symbol interference

Answer 106

A

firewall - A DMZ is a zone located between a company’s internal network and the Internet that usually contains servers that the public will be accessing. Usually two firewalls are used to create a DMZ. One firewall resides between the public network and DMZ and another firewall resides between the DMZ and private network.

Answer 107

A

SIP - Session Initiation Protocol is an Applications layer protocol, Real-time Transport Protocol (RTP) is another protocol used in VoIP

Answer 108

A

Diameter - It was created to address new technologies that RADIUS was not designed to handle.

Answer 109

A

Use the host’s MAC address with FFFE inserted in the middle, and invert the seventh most significant bit in the MAC address -

Answer 110

A

Nbtstat - displays NetBIOS over TCP/IP statistics on Windows computers. Use Nbstat to perform the following: Track NetBios over TCP/IP, Show details of incoming and outgoing NetBIOS over TCP/IP connections, Resolve NetBIOS names

Answer 111

A

That a single VLAN can be distributed across multiple switches

Answer 112

A

802.1x security generates dynamic encryption keys -

Answer 113

A

Transceiver mismatch - occurs when you have a fibre connector plugged into the wrong type fibre port

Answer 114

A

Error rate - a metric/tool that can be used to indicate the reliability of the network, expressed as a percentage.

Answer 115

A

TDMA - Time Division Multiple Access is obsolete. A 2G technology decommissioned in 2007-2009

Answer 116

A

Compliance with federal and state regulations

Answer 117

A

subnet: 172.16.4.0, broadcast: 172.16.5.255 - The valid host range is between 172.16.4.1 and 172.16.5.254

Answer 118

A

PAT - Port Address Translation provides port address translation, this is based on the port numbers. When using PAT you are able to share a single public IP address among multiple computers on the same network

Answer 119

A

Role separation - involves dividing server duties amongst two or more servers to reduce an attack profile

Answer 120

A

A Next Generation Firewall (NGFW) works at the application layer (Layer 7).

Answer 121

A

Labeling - Patch panel ports should be labeled and wall jackets should be labeled with the corresponding port number on the patch panel. The patch cable should have the same labeling. Switches, routers, hubs and wireless access points should be labeled as well as each piece of equipment in a server rack.

Answer 122

A

iptables - filtering can be performed using packet type, packet source/destination or target.

Answer 123

A

WPA - designed to work with older clients while implementing the 802.11i standard, was created to fix core problems with WEP

Answer 124

A

MPLS VPN - Multiprotocol Label Switching Layer 3 Virtual Private Network. This will allow all offices to connect to the same single-routed network and connect directly to the cloud

Answer 125

A

user identification with reusable password

Answer 126

A

Implement a HTTP proxy server - frequently accessed files are placed on the cache of this server

Answer 127

A

Periodically complete a site survey

Answer 128

A

Support for GBIC connectors, Support for SFP+ - These two options represent connectors used at endpoints, such as routers, switches and network interfaces. NOT connectors or functions present in FDPs themselves. FDPs generally offer Cable termination, Bulkhead adapters and receptacles, Cable splices and Cable storage

Answer 129

A

SNMP agent - runs on a managed device such as a router or a switch and collects management information.

Answer 130

A

Broadcast Domain - VLAN assignment is configured at the switch for each device that is connected to the device. VLANs enable many users at many locations to be in the same broadcast domain. VLANS span multiple collision domains, subnets and cable segments so users would not have these aspects of the network in common

Answer 131

A

The Physical Layer - An MAU is a network concentrator used on token ring networks. An MAU is similar to a hub, which is a network connection concentrator used on star-wired ethernet networks.

Answer 132

A

Incorrect Gateway - Make sure the local machine and the default gateway are on the same subnet. If what is entered as the gateway IP address is actually the IP address of the LAN side of your router, you will see a “Request Timed Out” message.

Answer 133

A

Pin 4, Pin 5, Pin 7, Pin 8

Answer 134

A

Local Authentication - the credentials are stored on the device being used (local device), not on a remote server. Local authentication is accomplished by the user providing credentials (typically a user name and password) and verifying those credentials against a local database

Answer 135

A

AH protocol in tunnel mode - Internet Protocol Security (IPSec) can be used in tunnel mode with the Authentication Header (AH) protocol to digitally sign and encapsulate each packet sent from the network within another packet. A Tunnel is a network communications construct that transports encapsulated packets.

Answer 136

A

protocol analyser - captures packets as they are transmitted on the network. If a password is transmitted in plain text you will be able to see the password in the packet. Also called network analysers or packet sniffers

Answer 137

A

IPAM - IP address Management allows integrations of DNS and DHCP so that each is aware of the changes in the other. IPAM allows for the discovery of servers associated with an IP address infrastructure responsibilities on the network and the ability to manage those servers from a central point

Answer 138

A

It maps an IP address to a hostname

Answer 139

A

Lower Latency, Increased capacity, Higher Scalability - Also allows for equal cost multipath (ECPM) instead of spanning tree protocol (STP) to prevent pathways from being oversubscribed while still preventing network loops

Answer 140

A

TLS - Transport Layer Security encrypts the messages transmitted between two authenticated computers, preventing third parties from reading the messages. TLS is the protocol being used when Secure Sockets Layer (SSL) is implemented. TLS works at the transport layer

Answer 141

A

UC Gateway - a unified communication (UC) gateway connects VoIP to your private branch exchange (PBX). Unified communications include VoIP, video, real-time services, quality of service (QOS) and UC devices.

Answer 142

A

Load Balancer

Answer 143

A

Router Advertisement - When a device that uses both IPv4 and IPv6 joins a network, it sends a router solicitation (RS) messuage using ICMP to contact the local IPv6-capable router on the network. The local router is turned into the all-router’s multicast group address which is ff02::2, and will receive the RS message. The router immediately answers with a routing advertisement (RA) message using ICMP to all nodes on the network. This uses the all nodes multicast group address which is ff02::1

Answer 144

A

The network cable is disconnected from the NIC on the LeadDev computer - Because the Shipmaster computer can connect to the DevServ computer, the communication path between these two computers is functioning normally. This path includes the NIC on the Shipmaster computer, the router between the shipping and development LANs, and the NIC on the DevServ computer.

Answer 145

A

1000BaseCX - supports a data transmission rate of 1 Gigabit per second over 150-ohm balanced copper cable. Supports a maximum cable segment length of only 25m. Designed to support connections between network nodes that are in close proximity such as nodes in the wiring closet.

Answer 146

A

RAS - Remote Access Service is a service provided by Windows that allows remote access to the network via a dial-up connection

Answer 147

A

High-gain antennas provide a small vertical beamwidth - Antennas with higher gain have less beamwidth than antennas with lower gain. The high-gain antennas have very narrow beamwidth. For example typical 6-dBi patch antenna has a 65-degree beamwidth but the 21-dBi parabolic dish antenna has a 12-degree radiation pattern.

Answer 148

A

HVAC systems - can be found in almost all settings due to their universal usage. HVAC systems are designed to handle heating, ventilation and air conditioning within a building.

Answer 149

A

screened subnet - Two firewalls are used in this configuration, one between the public network and DMZ and one between the DMZ and private network.

Answer 150

A

Rollover cable - You should use a rollover cable (also called a console cable) to connect to the console port on any Cisco device.

Answer 151

A

Collisions - Collisions on an Ethernet CSMA/CD network are normal and generally do not cause any negative effect. In fact they are required for proper operation. An excessively high number of collisions occurring for a sustained length of time can cause delays and slow throughput. CSMA/CD will negotiate standoff timers to allows multiple devices to communicate on congested network segments.

Answer 152

A

TGT - Ticket-Granting-Ticket. To ensure tickets expire correctly, clock synchronisation is used in Kerberos authentication. A client is granted a TGT from an Authentication Server (AS) which is sometimes referred to as a ticket granting server (TGS). The client then sends its TGT to a Key Distribution Centre (KDC) and the KDC sends a session key to the client.

Answer 153

A

Place digitised photographs of the employees in employee records

Answer 154

A

Twisted-Pair - the least expensive cabling media. Mass produced and widely available. Max length of 100m

Answer 155

A

UDP port 67 - Dynamic Host Configuration Protocol transmits dynamic IP address assignment, it is considered a connectionless protocol.

Answer 156

A

A CRC error - A cyclic redundancy check error occurs when a damaged or incomplete file causes the checksum value not to match the CRC value. These errors often occur when compressed files or archives are extracted but can also occur when reading and writing to local and external hard disks or other external media. The purpose of CRC is that it will check files and other data sites to ensure that there have been no changes to any raw data.

Answer 157

A

Configure the DNS server as a server option, Configure each router as a scope option for its appropriate scope - each scope will have a different router or default gateway. For this reason router or default gateway information must be configured at the scope level. If you configure this option at the server level all the clients would receive the same router configuration, which would not work because you have three different subnets.

Answer 158

A

Implement virtual servers and switches - allows you to host a Linux environment for Web services and a Windows environment for Active Directory services on the same physical server. Implementing virtual switches will allows you to host the services on a different broadcast domains.

Answer 159

A

Implement an active/active cluster - also known as a load-balancing cluster.

Answer 160

A

A fence - Fencing acts as the first line of defense against casual trespassers and potential intruders, but fencing should be complimented with other physical security controls such as guards and dogs to maintain the security of the facility

Answer 161

A

Physical Network Diagram - includes cable lengths and types, IP addresses, server roles, network equipment locations and number of network users. LOGICAL NETWORK DIAGRAMS DO NOT INCLUDE SERVER NAMES AND IP ADDRESSES

Answer 162

A

Telnet - is a user command and an underlying TCP/IP protocol for accessing remote hosts.

Answer 163

A

That a single VLAN can be distributed across multiple switches

Answer 164

A

netstat - displays incoming and outgoing connections, routing tables and network interface statistics

Answer 165

A

To permit multiple servers to share the same address
To eliminate host dependencies on specific, individual network interfaces
To permit the same address to access multiple domain names

Answer 166

A

Captive Portal - Captive portals are web pages, typically used in public networks, where users must complete some action before that are granted access to the network. Commonly seen in coffee shops, hotels and airports

Answer 167

A

A protocol that works with IPSec to establish a secure connection - Internet Security Association and Key Management Protocol

Answer 168

A

TXT - contains human readable text and are designed to help with fraudulent phising emails. The Sender Policy Framework (SPF) record within the TXT record helps filter out emails that are spoofed to appear as if they are coming from your domain. SPF looks at the IP address of the last SMTP server and verifies that the IP address and SMTP server match. Domain Keys Identified Mail (DKIM) validates that an email sent from a domain was authorised by the owner of the domain.

Answer 169

A

Other tenants can gain physical access to the resources that store your company’s data

Answer 170

A

Reserved client options -

Answer 171

A

Bridge - provides a quick and low-cost solution for dividing a network into different segments for the purposes of reducing network traffic. Bridges work by building routing tables based on MAC addresses. These routing tables enable bridges to determine which packets need to pass through the bridge to another segment, versus which packets should stay on the local segment.

Answer 172

A

Access control lists - An access control lists (ACL) allows you to define which types of traffic are allowed into or out of the network on a protocol-by-protocol basis. ACLs can also be configured based on port number, MAC address, IP address and other crtiteria.

Answer 173

A

Duplicate IP addresses

Answer 174

A

1000Base-CX - designed for wiring closets, transmission rate of 1000Mbps and maximum segment length of 25m

Answer 175

A

QoS - Quality of Service

Answer 176

A

Shared or open authentication - were the two insecure methods of authentication under WEP. Under Shared Key Authentication (SKA) all of the clients used the same key, making the key very vulnerable to being cracked. Like giving everyone a set of keys to the business
- An open wireless network does not require any form of authentication key which is like leaving the front door open

Answer 177

A

More stable and secure connections
Lengthy access time for a service
Less expensive network hardware

Answer 178

A

IPAM - IP Address Management allows integration of DNS and DHCP. IPAM allows for the discovery of servers associated with an IP address infrastructure responsibilities on the network and the ability to manage those servers from a central point.

Answer 179

A

A virus - The main criterion for classifying a piece of executable code as a virus is whether it spreads itself by means of hosts. The host could be any application or file on the system. A virus infects a system by replicating itself through application hosts. Viruses usually include a replication mechanism and an activation mechanism designed with a particular objective in mind. Viruses usually spread via infected disks, through email or via infected programs

Answer 180

A

Allocate two networks with /22 masks, and the remaining four with /23 masks

Answer 181

A

Pin 4, Pin 5, Pin 7, Pin 8

Answer 182

A

To terminate the VPN tunnels

Answer 183

A

Firewall - uses security policies

Answer 184

A

LC - A Lucent Connector fibre-optic connector is roughly half the size of the other fibre-optic connectors. Its smaller form allows for more space in the wiring closet.

Answer 185

A

Implement split horizon - Split horizon route advertisement prevents routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned

Answer 186

A

Green/White

Answer 187

A

It implements VLAN Trunking - It allows traffic from all VLAN to cross a single cable between two switches. If 802.1q was not implemented each seperate VLAN would require its own port connection

Answer 188

A

RAS - Remote Access Service is a service provided by Windows that allows remote access to the network via dial-up connection. In order to obtain a remote connection two services need to be in place: RAS and dial-up networking (DUN). The server that will establish the remote connection needs to have RAS so that it can link to the remote computer. The remote computer needs to have DUN so that it can connect to the remote server.

Answer 189

A

Application-level proxy firewall - it requires more processing per packet.

Answer 190

A

traceroute - finds the path a packet takes while being transmitted to a remote destination. Also used to track down routing loops or errors in a network

Answer 191

A

DTLS - Datagram Transport Layer Security is essentially a reimplementation of TLS which uses order-preserving TCP at the transport layer. DTLS uses the UDP protocol at the transport layer instead of TCP

Answer 192

A

Hop Count

Answer 193

A

Diagram symbols - should be standardised throughout the documentation

Answer 194

A

Logical Network Addressing

Answer 195

A

A diversity antenna system avoids multipath distortion

Answer 196

A

Serial Port - A serial port easily and regularly plays host to a modem which provides a dial-up link that network admins can use to access the device to which it is attached. The whole idea of OOB is to use a seperate communications link outside the scope and reach of the regular network. An OOB link provides a way to access a device even when the network is down or when the device needs to be powered up after a power fault or interruption.

Answer 197

A

Baselines

Answer 198

A

Anycast, Unicast, Multicast

Answer 199

A

RADIUS - Remote Authentication Dial-in User Service was originally designed for dial-up networking and validates the credentials of a remote user against a stored database

Answer 200

A

How users are allowed to employ company hardware

Answer 201

A

Physical Network Diagram - includes flow of network communication and symbols to indicate equipment function. Uses connecting line to show the physical layout of the devices in the network

Answer 202

A

IPS - Intrusion Prevention System is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion

Answer 203

A

SIP - Session Initiation Protocol, application layer protocol, allows you to transmit audio and video messages over a TCP/IP network

Answer 204

A

Attenuation - the term for a loss of signal strength as data travels over the network medium, also referred to as decibel (dB) loss

Answer 205

A

Two pairs of wires with a Cat5 UTP cabling
100Mbps data transmission rate
Maximum segment length of 100m

Answer 206

A

T1 - T1 lines can provide fast, digital connections of up to 1.544 Mbps, transmitting voice, data and video. A T1 line also provides a dedicated connection which means that it provides a 24hr link. A T1 line is more expensive that a dial-up connection using Plain Old Telephone Service (POTS) or an Integrated Services Digital Network (ISDN) connection but this company needs enough bandwidth to accomodate 6 executives which justifies the cost. If the full bandwidth of the T1 line proves too costly or unnecessary, fractional T1 is available. With fractional T1 you can subscribe to one or more of the channels at a lower cost

Answer 207

A

CSMA/CA - Carrier Sense Multiple Access/Collision Avoidance (like CSMA/CD for ethernet)

Answer 208

A

The 802.11b and 802.11g wireless access points - These two standards operate at the 2.4Ghz frequency and can be used interchangeably

Answer 209

A

Install another wireless access point that uses a different non-overlapping channel and the same SSID

Answer 210

A

CWDM - Coarse wavelength Division Multiplexing (CWDM) is a WDM system best for short-ranged fibre-optic transmission because it uses fewer than 8 active wavelengths per fibre. Employs wide-range frequencies with wavelengths that are far apart. CWDM is a compact and cost-effective option when spectral efficiency is not a requirement. (DWDM for long range, 6 wavelengths)

Answer 211

A

Class C - Class C addresses range from 192 to 223 decimal
[
Class A - 0 -126
Class B - 128-191
Class C - 192 -223
Class D - 224 - 239
Class E - 240 - 255
]

Answer 212

A

SSH - Secure Shell is used to create an encrypted remote terminal connection with a UNIX computer, secure alternative to Telnet

Answer 213

A

Port authentication on your network switches is based on the switch’s MAC address. If the switch is not configured with a MAC address the MAC address communication is not allowed through the switch port.

Answer 214

A

VNC - Virtual Network Computing products are widely and freely available for Windows, OS X, Linux, Android, iOS and Chrome. Many VNC products are easy to set up and use, interoperate among multiple versions and work well through corporate and personal firewalls. Best no-cost option

Answer 215

A

More stable and secure connections
Less expensive network hardware
Lengthy access time for a service

Answer 216

A

a TDR - Time Domain Reflectometer. Sends an electric pulse through a cable and measures the time required for the pulse to return

Answer 217

A

The IP header options allow more efficient forwarding and less rigid length limits
Some header fields have been dropped or made optional

Answer 218

A

A Virtual Local Area Network (VLAN) can be used to ensure that internal access to other parts of the network is controlled and restricted. Created using a switch. VLANs provide a layer of protection against sniffers and can also decrease broadcast traffic. Creating a VLAN is much simpler than using firewalls or implementing a virtual private network (VPN)

Answer 219

A

netstat - displays incoming and outgoing connections, routing tables and network interface statistics

Answer 220

A

Multistation Access Unit operates at the Physical layer (Layer 1). An MAU is a network connection concentrator used on star-wired Ethernet networks

Answer 221

A

Cat6a makes better use of conductors and shielding to support the nominal 100m distances for data up to 10Gbps.

Answer 222

A

Omnidirectional antenna

Answer 223

A

Dual-Homed Firewall - One interface connects to the public network the other to the private network

Answer 224

A

Move the new wireless access point
Change the channel used on the new wireless access point
Decrease the signal strength of the new wireless access point

Answer 225

A

iSCSI - Internet Small Computer Systems Interface protocol is used in SANs, LANs, WANs and the internet. Allows SCSI commands to transmit over an IP network

Answer 226

A

Virtual NIC

Answer 227

A

IPv6 network with a /56 global routing prefix - little or no cost to obtain, provides 256 subnets each with millions of nodes and supports IPsec end to end. In a situation where IPsec is needed end-to-end only IPv6 makes sense

Answer 228

A

Three - The 802.11g wireless access points only have three non-overlapping channels 1, 6, 11

Answer 229

A

Z-Wave - A wireless technology that creates a wireless mesh network with a primary controller. Each device communicates with its nearest neighbour much like routers communicate with each other.

Answer 230

A

Three - 1, 6, 11

Answer 231

A

Channel Overlap - Can cause performance issues. 11 channels are available in US but there is a high degree of overlap.

Answer 232

A

Network Address Translation (NAT)

Answer 233

A

10GBase-SW - for use with Synchronous Optical Networking (SONET) networks.

Answer 234

A

An Issuer - Signing a certificate verifies that the name and key in the certificate are valid. PKI is a system designed to securely distribute public keys. PKI typically consists of the following: certificates, a key repository, a method for revoking certificates and a method to evaluate a certificate chain

Answer 235

A

Lease time can be manipulated to reduce network traffic. Lease time for Windows is 8 days but lease times may be adjusted. If the network configuration seldom changes you might consider increasing the lease time. Every lease must be renewed and those renewals increase network traffic

Answer 236

A

Higher scalability
Increased capacity
Lower latency

Brainscape's Knowledge GenomeTM

Exam Sim Questions Flashcards

Review Observed Exam Questions

Brainscape's Knowledge Genome^TM